>in which he takes the firm stance that non-free software is unethical in all cases but concedes that running non-free games on a free operating system is much more desirable than running them on a non-free operating system itself
Why single out games as "potentially not as harmful"?
Moving from non-free to free is a process. It is a process that does not happen overnight. First get the vendors to compile for Linux. Then, if any feel like it, they can move to Free Software and make money through support like IBM, Oracle, and SAP make the vast majority of their profits on support (the actual sales of their closed source software is a minor component of their profits).
Without getting major companies to start moving their paid, closed source software to Linux first, you're /never/ going to see Autocad or the like as Free Software on Linux.
Absolutism is counter-productive and turns off the people and companies we need to get on the side of Linux. I'm sorry, but ESR is full of himself and full of shit.
--
BMO - Long time Linux user, and user of Free Software and believer of Free Software as a laudable end goal, but the world is not as neat as ESR thinks it is, can be, or should be.
>I'm being told that I'll be worth less to the organization as a supervisor than what I'm making now, but the earning potential is greater if I accept the management position.
"You're too valuable where you are"
Where have I heard that before. It's a fucking lie. Because if they really felt that way, they'd pay you more to keep you where you are. It doesn't matter how much experience or knowledge you have. To them you are replaceable and just a number.
Take the money and move up the chain.
--
BMO
Why is this downmodded?
It's true. They actually did run a do-it-yourself car repair garage, and it turned out to be a disaster for them.
Crikes.
--
BMO
To follow up on my message,
I think that 2000 common words is unrealistically too small a vocabulary for everyday use.
It's probably on the order of 10,000 in daily use by joe schmoe.
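>The Second Edition of the 20-volume Oxford English Dictionary contains full entries for 171,476 words in current use, and 47,156 obsolete words. To this may be added around 9,500 derivative words included as subentries. Over half of these words are nouns, about a quarter adjectives, and about a seventh verbs; the rest is made up of exclamations, conjunctions, prepositions, suffixes, etc. And these figures don't take account of entries with senses for different word classes (such as noun and adjective).
>This suggests that there are, at the very least, a quarter of a million distinct English words, excluding inflections, and words from technical and regional vocabulary not covered by the OED, or words not yet added to the published dictionary, of which perhaps 20 per cent are no longer in current use. If distinct senses were counted, the total would probably approach three quarters of a million.
- http://oxforddictionaries.com/words/how-many-words-are-there-in-the-english-language
and....
>In December 2010 a joint Harvard/Google study found the language to contain 1,022,000 words and to expand at the rate of 8,500 words per year.[84] The findings came from a computer analysis of 5,195,769 digitised books. Others have estimated a rate of growth of 25,000 words each year.[85]
- wikipedia.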
What does this mean?
IMO, predicting what people are going to use for their correcthorsebatterystapler passwords is nigh impossible and to crack the password of someone who is even slightly motivated to have a non-weak one will probably require heat-death of the universe time to crack with a distributed crack. There will always be those who use "it's just the letter A" but there is no cure for stupidity.
"It's just the letter A" http://www.youtube.com/watch?feature=player_detailpage&v=uRGljemfwUE#t=399s
YMMV of course.
--
BMO
>I'm not sure what you're correcting me about here since multiplying 2^11 * 2^11 * 2^11 * 2^11 = (2^11)^4, which is how you do a permutation that allows repetition. The math works out the same, and your result using 2000 instead of 2048, works out to 43.8 bits of entropy (which rounds up to 44). (No offense taken, though.)
Meh. Need coffee.
I used 2000 words because of what you started with. If we're going to start in Decimal, we may as well stay in Decimal for the calculation and stay away from converting to different bases. KISS.
--
BMO
The file going around is simply a pile of hashes, no logins. Did the crackers get both? Or did they just get the hashes?
Because the hashes may as well be piles of random data if you can't pair them with a login.
I have not heard a peep about the logins themselves. Are we just assuming they were taken?
--
BMO
But the idea is valid if you include easy to remember made-up words and proper nouns and such. If you include uppercase at the beginnings of words and include spaces, then you've really given the rainbow table generator guy a run for his money.
I am glad that you didn't fall into the trap that people do and then say OMG, YOU USED REAL WORDS!!!@#!@$#!!ONE!!1 and then assume that partial passwords are recoverable and you only need to test for one word. Which is not how it works. I've run into that argument time and again and I don't know where people get the idea.
If you also read further, he goes on to say that the length of a password is really important, and gives two examples: one that looks easy to crack, and one that looks secure, but the one that looks easy isn't the easy one, because it has all elements of a "secure" password and is longer (more bits to run through the crack) than the "difficult" one. And once you make the person running the crack have to guess how long the password is, you've probably already won.
I just wanted to run the xkcd password through to see what I'd get. I'm sure the xkcd password is part of everyone's dictionary by now and is useless as an actual password.
A secure password doesn't have to look like an already hashed password.
As for a source of words not found in typical dictionary files that will give squiggly lines everywhere when used in documents, go to the Phrontistery.info, which on my screen is squiggly-lined.
>. With four words, that's 44 bits total as their entropy is multiplied together.
Order matters, it's not just multiplication. 11 bits ^4
http://www.mathsisfun.com/combinatorics/combinations-permutations-calculator.html
Screenshot: 2000 words, 4 of each, order matters, repetition ok: http://imgur.com/0n5XL
--
BMO
My account is where app and game requests and chain statuses go to die.
It has probably let me hang on to the "classic Facebook" look instead of Timeline, because "this app will install timeline." No...no it won't.
--
BMO
But Stuxnet and Flame are both found *outside* just the PLCs running centrifuges in Iran. Indeed, that's how Stuxnet was discovered, on computers *totally unrelated* to the enrichment of Uranium *outside* of Iran.
>Symantec noted in August 2010 that 60% of the infected computers worldwide were in Iran.[12] - Wikipedia
Which means that 40 percent of the computers were *outside Iran* and *totally* unrelated.
Lawful activities of an intelligence agency need to be targeted to specific foes. That is unless you are arguing for the scatter-shot strategy of infecting everything on the planet in the name of state security.
At that point, we have nothing to discuss.
--
BMO
To follow up on my previous message:
http://www.law.cornell.edu/uscode/text/18/1030
Show me where the Executive Branch is exempt from this.
--
BMO
You find me the law that grants the Executive branch the power to do this, when there are laws within the US that make computer intrusion illegal *on the books since the 80s*. So unless Congress carves out an exemption for the Executive branch to those laws, computer intrusion is illegal since it is already illegal via state and federal law.
And if you have read anything I have ever written in here, I am far from libertarian. Indeed, I find it an insult, sir.
--
BMO
Yes, but when a hostile action is taken outside the rule of law, that is per se illegal and a crime. See my other message.
--
BMO
>So if the government murders (we call it war) or kidnaps (we call it arrest), is it also illegal?
No. Because you miss the point that the above are done under the rule of law.
Flame, etc, are not done under the rule of law. They are merely rogue state actions outside the rule of law when practiced by a state.
The Congress did not give the Executive branch this power by any sort of law that I can recall, not even the PATRIOT act, and if they had, it would have certainly appeared here, and I've been here since before 2001.
Nice try, though.
--
BMO
>I think that's taking a fast and loose definition of "crime", isn't it?
No, not really.
It's an illegal activity, whether done by governments or by the mob.
--
BMO
Obligatory xkcd
correcthorsebatterystapler
Search Space Depth (Alphabet): 26
Search Space Length (Characters): 26 characters
Exact Search Space Size (Count) (count of all possible passwords with this alphabet size and up to this password's length): 6,402,364,363,415,443,603,228,541,259,936,211,926
Search Space Size (as a power of 10): 6.40 x 10^36
Time Required to Exhaustively Search this Password's Space:
Online Attack Scenario (Assuming one thousand guesses per second): 2.04 trillion trillion centuries
Offline Fast Attack Scenario (Assuming one hundred billion guesses per second): 20.36 thousand trillion centuries
Massive Cracking Array Scenario (Assuming one hundred trillion guesses per second): 20.36 trillion centuries
--
BMO
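The two ways of counting that these password comments go back and forth on, as an added example that is not part of any post here: ordered word picks with repetition (2000, 2048 or 10,000 words, four picks) against the length-based character count in the calculator output above, with a strength estimate that takes whichever model is cheaper for the guesser. The function names, the tiny sample word list and the 365.25-day year are assumptions made for this illustration.

```python
from __future__ import annotations

import math

# Assumption of this example: a 365.25-day year.
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600

# Constructed sample list, just large enough to segment the passphrase.
SAMPLE_WORDS = {"correct", "horse", "battery", "staple", "stapler", "bat", "or"}


def wordlist_space(list_size: int, picks: int) -> int:
    """Ordered picks with repetition allowed: list_size ** picks."""
    return list_size ** picks


def bruteforce_space(alphabet: int, max_len: int) -> int:
    """Every string of length 1..max_len over the alphabet."""
    return sum(alphabet ** k for k in range(1, max_len + 1))


def bits(space: int) -> float:
    """Search space expressed as bits of entropy."""
    return math.log2(space)


def centuries_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate, in centuries."""
    return space / guesses_per_second / SECONDS_PER_CENTURY


def min_words(password: str, wordlist: set[str]) -> int | None:
    """Fewest wordlist entries that concatenate to password, else None."""
    best = [0] + [None] * len(password)
    for end in range(1, len(password) + 1):
        for start in range(end):
            if best[start] is None or password[start:end] not in wordlist:
                continue
            cand = best[start] + 1
            if best[end] is None or cand < best[end]:
                best[end] = cand
    return best[-1]


def cheapest_model(password: str, wordlist: set[str],
                   list_size: int, alphabet: int = 26) -> tuple[str, int]:
    """Rate a password by the smaller of two search spaces.

    "characters": every string up to the password's length.
    "words": ordered picks from a list of list_size words, which only
    applies if the password splits cleanly into listed words.
    """
    char_space = bruteforce_space(alphabet, len(password))
    n = min_words(password, wordlist)
    if n is None:
        return ("characters", char_space)
    word_space = wordlist_space(list_size, n)
    if word_space < char_space:
        return ("words", word_space)
    return ("characters", char_space)


if __name__ == "__main__":
    phrase = "correcthorsebatterystapler"
    for size in (2000, 2048, 10_000):
        space = wordlist_space(size, 4)
        print(f"{size:>6} words, 4 picks: {space:.3e} candidates, "
              f"{bits(space):.2f} bits")
    chars = bruteforce_space(26, len(phrase))
    print(f"26 letters, up to {len(phrase)} chars: {chars:.2e} candidates, "
          f"{bits(chars):.1f} bits")
    model, space = cheapest_model(phrase, SAMPLE_WORDS, 2000)
    print(f"cheaper model for {phrase!r}: {model}, {space:.3e} candidates")
    for rate in (1e3, 1e11, 1e14):
        print(f"  at {rate:.0e} guesses/s: "
              f"{centuries_to_exhaust(space, rate):.3e} centuries (words), "
              f"{centuries_to_exhaust(chars, rate):.3e} centuries (characters)")
```

A password policy check can use the same minimum-of-models idea: rate a candidate by the smallest search space any plausible guessing strategy would need, not by its length alone.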
What part of PPA do you not understand?
--
BMO
To illustrate the low intellectual frame of mind that starts your message, I need to point out your title. Someone, somewhere did not educate you in the usage of the apostrophe.
"An apostrophe does not mean 'uh-oh, here comes an s.'" - Dave Barry as "Mr Grammar Person"
And I highly recommend buying this poster to hang on your wall, so you don't ever forget: http://angryflower.com/aposter.html
Similarly, someone, somewhere, did not educate you in the scientific concepts like the scientific method, what a theory is, what a hypothesis is, what evidence is, etc., and I am being kind here. I could accuse you of being a lay-about all through school not paying one whit of attention to what was being taught because you were smoking dope or something.
Now to get to your actual question: It is without merit and assumes that "evolutionists" (there is no such thing - evolution is not a system of belief) "believe" in evolution as a matter of faith. This is pure unadulterated nonsense. Before Darwin wrote his Origin of Species, thinking people understood that "change over time," i.e., evolution happens. Lamarck was one of them, but while his was one of the first self-consistent theories of evolution and set the tone for future research, it had major problems. What was groundbreaking about Darwin's book was that he wrote down the more sensible method by which Nature does it and had hundreds of pages of observational notes and logical argument to back it up. He did this by going out and observing how the world actually works instead of sitting on his arse and pontificating like Aristotle, who while a smart guy in many respects, was laughably wrong in others.
And to this day, the evidence points in the direction of evolution as fact and away from bronze-age mythology ever more so. While people may debate the finer points (punctuated equilibrium vs. gradualism) the overall fact of evolution gets more understood every day.
Now if you are unwilling to buy into the fact of evolution and wish to call it nonsense, I demand that you put up or shut up and present your case as to why you think you have a better idea for how the universe works. If you do have indeed a better case, the next Nobel prize and lots of cash and fame is yours and someone might name a city after you. If you do not, we can ridicule you mercilessly.
Do you feel lucky, punk? Well do ya?
So present your case.
--
BMO
The teenage hacker in a basement was never as much of a risk compared to what started happening about 15 years ago with organized crime getting involved.
This "new" kind of malware has been dubbed (I think more accurately than most) crimeware.
And whether governments do it, or the RBN, it's still crimeware.
--
BMO
Forget what I said
I misread your post. Herf derf myself.
Need coffee.
--
BMO
You forgot to post as anon.
--
BMO
>You don't have to prove every value, merely every edge case
Then you haven't even written a proof, have you? You've pretended to.
>Why don't you want to pay for perfect software?
Because Man, in his thousands of years on this spinning rock, has never /ever/ created anything perfect.
Perfect software doesn't exist and neither will it ever. If someone claims they can, make sure you know where your wallet is. It's like the koan, "If you meet the Buddha, kill him."
--
BMO - I like ice cream koans.
>Software can be made 100% secure assuming it is the only attack vector.
1. That's assuming too much and ignores reality (humans) so this is automatically bunk. But I'll take this as "credible" to discuss the next point.
2. People, like you, have claimed that you should be able to write a mathematical proof for your code, and if you can, it's secure (because supposedly it's only going to do what you tell it without error).
This totally ignores the concept of Complexity - complex (and even unexpected) behaviours arise from simple rules. People don't write proofs for code because the complexity grows exponentially as the lines of code get more numerous. Mapping it simply becomes impossible. Sure, you can write a proof for a 10 line algorithm. What do you do when you have a code base like the size of Windows 8? Or how about something much smaller? Let's take Conway's Game of Life. You have simple rules. You go ahead and map the output for every single set of values. Before the heat death of the Universe, please.
How much do you really want to pay for your software? What features are you willing to give up because it was too expensive to write the proofs? Do we *really* need *all* software to be subject to the same scrutiny as the software that runs a CAT scanner or a medical cyclotron?
It is said that the making of laws and sausages is similar, and you really don't want to watch it happening in real time. I believe we can add "writing software" to this. That's just reality, man. Deal with it.
--
BMO
>But it's hard to say there won't be a way to do it until we see group policy templates.
I dunno man, that seems overly optimistic to me at this point. They really seem to be doubling-down on Metro. To back down would be admitting defeat.
>volume licensing and enterprise features
No, that's not what I was getting at. Of course they're going to keep domain and RDP stuff and such. I don't think that the Metro UI team is on board with enterprise one bit. I see a lot of businesses sticking with 7 until the bitter end because of Metro. But that's just speculation on my part. I'm not alone in that opinion though.
--
BMO
>Do you want my post to be full of ranting and caps lock to emphasize my complete and utter anger of this?
No, but your previous post started out with "giving them the benefit of the doubt" which I think at this point is completely unjustified and seemed to really take the edge off of whether you found the singling out offensive or not. IMO, natch.
Which is why I asked.
>politeness
Clearly this depends on the situation.
>telling one to go do something painful
That's the spirit, heh.
On another note, I have dealt with Canadian immigration and customs, and while they may seem easy going, they really do know their shit and know when you're trying to pull a fast one. I never had a problem, but I have seen some people just totally blow it, deservedly, and wind up with extra interrogation. Coming back to the US is a different story. I refuse to come through Vermont if at all possible. I'd rather take a detour of several hundred miles and go via the Peace Bridge to get home from Quebec. They're more professional there. They're just jerks at the border station in Vermont. To everybody.
--
BMO
>I'd be surprised if there wasn't some way to turn it off
Nope. There *was* a way to, in the Developer's Preview, an obscure registry entry that wasn't obvious to anyone, but when the Consumer Preview rolled around, it was removed, and legacy code in Explorer was removed yet still in the Beta to *make damn sure* nobody can turn off Metro.
The only way to remove Metro now is to remove Explorer and replace it with something else.
>Metro really wouldn't fly for ... kiosks
Actually, it's probably better for kiosks than 7 is. It's touch oriented and full screen is nearly mandatory (there is a way to split and have two apps on one screen, but it is... suboptimal from what I've seen)
>businesses
I don't think 8 is geared for enterprise at all.
--
BMO